Vulnerability CVE-2018-15473


Published: 2018-08-17

Description:
OpenSSH through 7.7 is prone to a user enumeration vulnerability due to not delaying bailout for an invalid authenticating user until after the packet containing the request has been fully parsed, related to auth2-gss.c, auth2-hostbased.c, and auth2-pubkey.c.

See advisories in our WLB2 database:
Topic: OpenSSH 7.7 - Username Enumeration (Low); Author: Justin Gardner; Date: 24.08.2018
Topic: OpenSSH < 7.7 User Enumeration (2) (Low); Author: Leap Security; Date: 05.12.2018

Type: CWE-200 (Information Exposure)

Vendor: Debian
Product: Debian linux 
Version: 9.0; 8.0;
Vendor: Openbsd
Product: Openssh 
Version: 7.7; 7.6; 7.5; 7.4; 7.3; 7.2; 7.1; 7.0; 6.9; 6.8; 6.7; 6.6; 6.5; 6.4; 6.3; 6.2; 6.1; 6.0; 5.9; 5.8p2; 5.8; 5.7; 5.6; 5.5; 5.4; 5.3; 5.2; 5.1; 5.0; 4.9; 4.8; 4.7p1; 4.7; 4.6; 4.5; 4.4p1; 4.4; 4.3p2; 4.3p1; 4.3; 4.2p1; 4.2; 4.1p1; 4.1; 4.0p1; 4.0; 3.9.1p1; 3.9.1; 3.9; 3.8.1p1; 3.8.1; 3.8; 3.7.1p2; 3.7.1p1; 3.7.1; 3.7; 3.6.1p2; 3.6.1p1; 3.6.1; 3.6; 3.5p1; 3.5; 3.4p1; 3.4; 3.3p1; 3.3; 3.2.3p1; 3.2.2p1; 3.2.2; 3.2; 3.1p1; 3.1; 3.0p1; 3.0.2p1; 3.0.2; 3.0.1p1; 3.0.1; 3.0; 2.9p2; 2.9p1; 2.9.9p2; 2.9.9; 2.9; 2.5.2; 2.5.1; 2.5; 2.3.1; 2.3; 2.2; 2.1.1; 2.1; 2;
See more versions on NVD
Vendor: Redhat
Product: Enterprise linux server 
Version: 6.0;
Product: Enterprise linux desktop 
Version: 6.0;
Product: Enterprise linux workstation 
Version: 6.0;
Vendor: Canonical
Product: Ubuntu linux 
Version: 18.04; 16.04; 14.04;
See more versions on NVD

CVSS2 => (AV:N/AC:L/Au:N/C:P/I:N/A:N)

CVSS Base Score: 5/10
Impact Subscore: 2.9/10
Exploitability Subscore: 10/10
Exploit range: Remote
Attack complexity: Low
Authentication: Not required
Confidentiality impact: Partial
Integrity impact: None
Availability impact: None

 References:
http://www.openwall.com/lists/oss-security/2018/08/15/5
http://www.securityfocus.com/bid/105140
http://www.securitytracker.com/id/1041487
https://access.redhat.com/errata/RHSA-2019:0711
https://bugs.debian.org/906236
https://github.com/openbsd/src/commit/779974d35b4859c07bc3cb8a12c74b43b0a7d1e0
https://lists.debian.org/debian-lts-announce/2018/08/msg00022.html
https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2018-0011
https://security.gentoo.org/glsa/201810-03
https://security.netapp.com/advisory/ntap-20181101-0001/
https://usn.ubuntu.com/3809-1/
https://www.debian.org/security/2018/dsa-4280
https://www.exploit-db.com/exploits/45210/
https://www.exploit-db.com/exploits/45233/
https://www.exploit-db.com/exploits/45939/


Copyright 2019, cxsecurity.com

 
